Checkpoint client

(changing the subject for you)

Many IPSec clients fail behind ANY NAT device, not just ISA.
Supposedly, there is a specific version of hte Cisco VPN client that supports 
NAT traversal.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 20 Jan 2004 18:06:22 -0800
 "Sam Chapman" <adminone@xxxxxxxxxxx> wrote:
http://www.ISAserver.org

Hi all,

Not to change subjects or anything but it is amazing that I have yet to
speak or hear from anyone that has successfully run a secure remote
checkpoint client behind ISA. Rumors are ISA changes the packet header and
drops all incoming communication regardless if it is destined to a firewall
or a secure Nat client, and regardless of the Ip packet filters or protocol
rules that one might have setup. The question here is does ISA really allow
communication between a secure remote client corporate office? I have tried
it myself, opening all possible ports, creating filters and protocol rules
did not work.

Thank you all,

Sam

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, January 20, 2004 4:18 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: UPS Worldship

http://www.ISAserver.org

Hi Michael,

I'm getting a 403 to that site regardless of Web Proxy client config or
not.

Tom 

-----Original Message-----
From: Michael Weber [mailto:mweber@xxxxxxxxxxxx] 
Sent: Tuesday, January 20, 2004 11:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: UPS Worldship

http://www.ISAserver.org

I am running that version, and that is the article I followed.

The only other weird thing that is happening is that when I try to
access https://www.uoss.ups.com/ from IE I sometimes get a 403 error,
sometimes I get the login screen, and sometimes I get an internal UPS
website error ("A recursive error was detected").  It seems to me that I
should never get an error if I just try to access the site from a web
browser.

Michael Weber

-----Original Message-----
From: Fares Rihani (Personal) [mailto:Fares@xxxxxxxxxx]
Sent: Tuesday, January 20, 2004 12:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: UPS Worldship

http://www.ISAserver.org

Michael,

Make sure you are running the latest version. I have no problems running
under 5.0.37.  I had connection problems before upgrading so it is worth
a shot.  

Here is the article for direct connection that I used.  
http://www.isaserver.org/tutorials/Configuring_Web_Proxy_Clients_for_Dir
ect_Access.html

Is that how you configured your setup?

Fares Rihani



-----Original Message-----
From: Michael Weber [mailto:mweber@xxxxxxxxxxxx]
Sent: Tuesday, January 20, 2004 12:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: UPS Worldship


http://www.ISAserver.org

I do have the direct connection in UPS enabled, and I have tried it with
a proxy and without.  With the proxy enabled, I still get the "Peer's
certificate has an invalid signature" error.  It just occurs after a
connection to the proxy server is made.  The entry in the web proxy ISA
log says that it made the connection; however, it returns a 64 error
code (The specified network name is no longer available).

Michael Weber


192.168.0.26, anonymous, ICCTest_http/1.0, N, 1/20/2004, 12:02:26,
w3proxy, <server>, -, www.uoss.ups.com, 153.2.73.100, 443, 0, 52, 1752,
SSL-tunnel, TCP, -, www.uoss.ups.com:443, -, Inet, 64, 0x0, Internal
access, Allow rule




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
fares@xxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mweber@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
adminone@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: